5bfb6104dd68fe7fc9dfcc501c7f5bd1a52d3e6c728ac7624bbbf4639f3f9c5e | Triage

Sharing

General

Target

HSBC Payment Advice.com.exe
Size

629KB
Sample

240611-w6lh3swhkd
MD5

b09f4f94d70cda53e8b2bfa6354f93c4
SHA1

eda24e23ebd136d0486da862add6da7727ea40f9
SHA256

5bfb6104dd68fe7fc9dfcc501c7f5bd1a52d3e6c728ac7624bbbf4639f3f9c5e
SHA512

7528f6f610c7e30263521480efe55590e2fac757f8782b3b696de434dcc05aefa17880eb1dade773acc3dc3d57c6a3d483c5d87997ab8efa2dad7b83812e5a10
SSDEEP

12288:ZgS9qJIgrUfr0+M6hcxICzB3nwoO+DsnyCh3fU3ZpDCbz95GiylnlV:/91fr0l6r4woO+iZfCDacnlV

Score

8^/10

execution

Malware Config

Targets

- Target
  
  HSBC Payment Advice.com.exe
- Size
  
  629KB
- MD5
  
  b09f4f94d70cda53e8b2bfa6354f93c4
- SHA1
  
  eda24e23ebd136d0486da862add6da7727ea40f9
- SHA256
  
  5bfb6104dd68fe7fc9dfcc501c7f5bd1a52d3e6c728ac7624bbbf4639f3f9c5e
- SHA512
  
  7528f6f610c7e30263521480efe55590e2fac757f8782b3b696de434dcc05aefa17880eb1dade773acc3dc3d57c6a3d483c5d87997ab8efa2dad7b83812e5a10
- SSDEEP
  
  12288:ZgS9qJIgrUfr0+M6hcxICzB3nwoO+DsnyCh3fU3ZpDCbz95GiylnlV:/91fr0l6r4woO+iZfCDacnlV
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2